Real news from the privacy world

US surveillance backdoors and the reauthorization of Section 702

Federal authorities say they can request US tech companies to build surveillance backdoors into their products without any court order, ZDNet reported. In related news, Congress is expected to vote on reauthorization of the controversial Section 702 by December 8.

Encryption backdoors with no court warrant

The government made its comments on encryption in July in response to questions raised by Sen. Ron Wyden (D-OR), but they were only released this weekend.

The implication is that the government can use its legal authority to ask a US-based company for “technical assistance” in secret. Such assistance may include building an encryption backdoor into a product. If the company refuses, federal authorities can petition the Foreign Intelligence Surveillance Court (FISC) to force it to comply with the request.

National security blogger Marcy Wheeler explained in a blog post last month that the FISC can approve a twelve-month certificate stating that the government needs assistance from a US tech company. However, it doesn’t require a specification of what kind of help is needed. That gives the government an extensive range of powers to issue requests for access without any further approval or review from the FISC.

The most infamous row over encryption until now has involved Apple and the FBI. The latter has demanded the authorization to enforce assistance from tech companies to bypass security on devices like suspects’ iPhones, despite the fact that anyone who knows about the backdoors could then exploit them.

Section 702 reauthorization approaching

The revelation comes in the light of the news that the House Intelligence Committee has approved a bill to renew Section 702 – a provision in the Foreign Intelligence Surveillance Act that permits the collection of intelligence data on foreigners who live outside the US.

The legislation was submitted by Chairman Rep. Devin Nunes (R-CA) on November 29 – only two days before the committee vote – as the December 31 deadline to reauthorize Section 702 nears.

In the past several weeks, lawmakers have presented at least five bills on the subject, three of which have secured the support of congressional panels. The House Intelligence Committee proposal joins competing bills from the Senate Intelligence and House Judiciary committees, each of them containing different limitations and timelines for Section 702.

This particular bill would require government agencies to secure a court order before they can retrieve communications that came from or were sent to US citizens and were gathered by the NSA through Section 702. The court would then have two days to rule on the legality of the request.

However, the provision left privacy advocates disappointed, because the court considers any request for purposes of foreign intelligence or law enforcement to be legal.

Major tech companies including Facebook, Google and Apple have formed a group called Reform Government Surveillance, which campaigns for governments around the world to strengthen digital privacy protections. It issued a lengthy statement Thursday (November 30) condemning the bill, which it said may widen government surveillance.

Richard Burr, Chairman of the Senate Intelligence Committee, stated earlier that there would be no Congress vote on a stand-alone surveillance measure. Instead, the reauthorization of FISA Section 702 is likely to come attached to a must-pass budget bill, on which Congress must vote by December 8 to keep the government open.

Arguments for and against Section 702

Advocates of reauthorizing Section 702 without significant reforms emphasize the surveillance of terrorist suspects. They would like Americans to believe their communications are safe from being collected if they have no ties to terrorists.

However, this is just not the case. Recent comprehensive analysis of publicly available records has shed light on compliance violations that had occurred since the introduction of Section 702 in 2008. It appears that the provision has enabled gathering vast amount of data about US citizens unintentionally.

Unsurprisingly, opponents of unchecked mass surveillance believe that, rather than go right to the content of Americans’ private communications, the government should use the authorities it already has to surveil specific suspects.

Even more worryingly, the shadowy nature of the US intelligence bodies does not inspire trust in adequate protections against potential abuse of spying programs. In fact, President Trump himself has frequently expressed his desire that his political enemies be investigated. Are there sufficient external checks to prevent his administration from co-opting the enormous power of the US intelligence agencies for their own political agenda?

Which of the multiple competing bills will be advanced for a congressional vote? Will the NSA lose some of its powers or will the mass surveillance expand even further? These are the questions to be answered this week.